A-TRM Controller

Company Description

Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines – Corporate & Investment Banking and Asset & Wealth Management – and, transversally, for the entities of Groupe BPCE.

The Centre of Expertise, based in Porto, currently has more than 2,400 employees from over 30 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2024, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the second time. This certification recognizes excellence in people practices, following the example of our head office, in France, who was certified Top Employer France for the eight year in a row.

Job Description

Team presentation and main goal:  

The Compliance area ensures business follows external as well as internal rules and policies, and also internal controls, protecting therefore business activities and employees from non-compliance risks. 

At Natixis Portugal, Compliance provides specialized services for worldwide GFS and Groupe BPCE.  

With growing security threats and ever-increasing regulatory complexity, our information security and risk practices continue to expand. As part of our technology risks management framework, the A-TRM will help to ensure that appropriate risk management policies exist and are implemented to safeguard business activities at Natixis Portugal. The role will work in close liaison with head office to ensure, where appropriate, that group policies are incorporated locally. 

This role sits within the Compliance, and it will report directly to Natixis Portugal Head of Compliance. 

Main tasks and goals: 

As a control function, the ATRM controller is independent from the Technology operational units and directly reports to the local CISO function. It is directly accountable to the management body and responsible for monitoring and controlling adherence to the Technology Risk Management framework. 

The ATRM controller will: 

• Support the establishment and communication of GFS´s governance, risk and control strategies, frameworks and policies; 
• Identify, manage, measure and monitor technology risks with regards to business impacts, threats and weaknesses; 
• Determine the criticality of the technology assets in coordination with the first line of defense (LoD1); 
• Provide oversight and independent challenge to the first line through an effective, objective assessment that is evidenced and documented where material; 
• Identify, assess and communicate relevant regulatory changes; 
• Ensure activities are compliant with applicable laws and regulations; 
• Support the monitoring and reporting on compliance with the Natixis Technology Risk Appetite and policies; 
• Escalate technology risk issues in a timely manner; 
• Provide training, tools, and advice to support the first line in carrying out its accountabilities; 
• Support the promotion of a strong risk management culture and awareness 

Qualifications

• Graduation in Engineering, Management or Finance 
• 1-3 years of experience in:

1. Technology Risk Management 
2. Information Security Management 
3. Governance and technical aspects of data classification, data protection, cyber security, access management, SIEM and incident management 
4. Outsourcing project management 
5. Establishing risk-based security policies 

• Fluency in English is mandatory; and knowledge of French is a plus.
• Good knowledge of Banking Regulations and/or corporate and banking business (to drive security into new business products and activities) 
• Sense of ownership and responsibility  
• Ability to challenge status quo and advocate a risk-based approach of controls 
• Creativity, initiative and result-driven orientation  
• Communication skills 
• Ability to deal with senior management 

We will only consider English CV's. 

Additional Information

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process, with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant’s gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat, in one of Porto’s most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers, language class and, just after, a Talent Management meeting with your manager, discussing your career path. 

 Lunch break. Today, your Team is onboarding newcomers, but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

 Back inside. Brainstorming session on a new, exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali, the Indian festival of lights. 

 Tomorrow, you attend a conference led by influential speakers in your industry and, the day after, you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.